Forcing users to change their password at next logon

To force users to change their password the next time they log into Windows, set the pwdLastSet attribute to 0. This value corresponds to the User must change password at next logon checkbox in Active Directory Users and Computers. Note that Bravura Security Fabric does not copy this property from the template account.

The pwdLastSet attribute cannot be set if the template account has the Password never expires checkbox enabled. You can clear the Password never expires attribute by clearing the corresponding UF_DONT_EXPIRE_PASSWD flag of the userAccountControl attribute.